Federal Reserve’s Barr Warns: Deepfakes Raise Alarming Risks for Bank Cybersecurity

Federal Reserve Governor Michael S. Barr delivered a stark warning about the growing use of deepfakes in financial cybercrime, calling on banks, customers, and regulators to step up defenses as generative AI fuels increasingly sophisticated fraud schemes.

“Now, advances in AI can do much more damage by replicating a person’s entire identity,” Barr said at the Federal Reserve Bank of New York. “This technology—known as deepfakes—has the potential to supercharge identity fraud.”

Barr explained that deepfake technology now enables attackers to convincingly mimic the voices and images of individuals using generative adversarial networks (GANs) and voice synthesis tools. Criminals can manipulate short audio clips or video footage to impersonate executives or family members in high-stakes scams.

“Deepfake attacks are those in which an attacker uses Gen AI to create a doppelganger with a person’s voice or image and uses this doppelganger to interact with individuals or institutions to commit fraud,” he said.

“Over 10 percent of companies reported experiencing deepfake fraud attempts”

The consequences have already begun to emerge. In one case, Barr said, “a sophisticated deepfake of the chief financial officer for British engineering and architectural firm Arup was reportedly deployed in a video meeting and convinced an Arup financial employee to transfer $25 million to thieves.” In another incident, criminals attempted to impersonate the CEO of Ferrari with a fake audio call that mimicked his southern Italian accent. The fraud was only prevented after a personal verification question exposed the ruse.

“A 2024 survey finds that over 10 percent of companies reported experiencing deepfake fraud attempts, and few steps have been taken to mitigate the risks,” Barr warned.

These attacks, he said, are outpacing traditional defenses. “There is an asymmetry—the fraudsters can cast a wide net… and they only need a small number to be successful. Their marginal cost is generally low… Conversely, companies… will thus be slower in developing their defenses. A single failure is very costly.”

To respond, Barr outlined multiple steps for banks, customers, and regulators. He called banks “frontline defenders” and said they should adopt AI-powered defenses like voice analysis, behavioral biometrics, and facial recognition to combat synthetic impersonations. He also recommended the use of analytics to verify both the identity of the sender and the legitimacy of the transaction recipient.

“Banks have two points of control over the transaction—confirming not only the sender’s identity, but also the legitimacy of the recipient address,” Barr said. He emphasized the importance of “advanced analytics to flag suspicious patterns that could indicate fraudulent activities.”

He also urged customers to take precautions. “They should seek out education for themselves and their loved ones to help them detect and prevent fraud before it occurs,” he said. “When it comes to protecting our money, we ought to expect and appreciate a little friction.”

Regulators should work with core service providers

Regulators, according to Barr, should update guidance, work with core service providers, and support research on fraud detection. He said the official sector should “highlight research and development for cybersecurity startups and research into tools to combat deepfakes and Gen AI-based fraud.”

Additionally, enforcement should play a central role. “We should help ensure that banks and other regulated institutions meet their duties to report cyber incidents in a timely way,” Barr said. “Another way to disrupt the economics of cybercrime is by increasing penalties for attempting to use Gen AI to commit fraud… The fear of severe legal consequences could help to deter bad actors.”

He concluded with a broader message: “Deepfakes are only one of many new techniques to facilitate cyberattacks, but they feel particularly salient because they are so personal. And they are on the rise. We will need financial institutions to adapt, collaborate, and innovate in the face of these emerging threats.”